CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-3864 | 2025-05-28 | N/A | 0.0 | Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit… |
| CVE-2025-5295 | 2025-05-28 | HIGH | 7.3 | A vulnerability classified as critical was found in FreeFloat FTP Server 1.0.0. This vulnerability affects unknown code of the component… |
| CVE-2025-40673 | 2025-05-28 | N/A | 0.0 | A Missing Authorization vulnerability has been found in DinoRANK. This vulnerability allows an attacker to access invoices of any user… |
| CVE-2025-4963 | 2025-05-28 | MEDIUM | 6.4 | The WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up… |
| CVE-2025-1753 | 2025-05-28 | HIGH | 7.8 | LLama-Index CLI version v0.12.20 contains an OS command injection vulnerability. The vulnerability arises from the improper handling of the `--files`… |
| CVE-2025-5287 | 2025-05-28 | HIGH | 7.5 | The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions… |
| CVE-2025-5082 | 2025-05-28 | MEDIUM | 6.1 | The WP Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attachment_id’ parameter in all versions up… |
| CVE-2025-4947 | 2025-05-28 | MEDIUM | 6.5 | libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in… |
| CVE-2025-4009 | 2025-05-28 | N/A | 0.0 | The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface… |
| CVE-2025-4800 | 2025-05-28 | HIGH | 8.8 | The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation… |
| CVE-2025-2826 | 2025-05-27 | LOW | 2.6 | On affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6… |
| CVE-2025-2796 | 2025-05-27 | MEDIUM | 5.3 | On affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit… |
| CVE-2024-45094 | 2025-05-27 | MEDIUM | 5.5 | IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to… |
| CVE-2024-11185 | 2025-05-27 | MEDIUM | 6.5 | On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to… |
| CVE-2025-40911 | 2025-05-27 | MEDIUM | 6.5 | Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which… |
| CVE-2025-32440 | 2025-05-27 | CRITICAL | 10.0 | NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication… |
| CVE-2025-5279 | 2025-05-27 | N/A | 0.0 | When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step… |
| CVE-2025-5222 | 2025-05-27 | HIGH | 7.0 | A stack buffer overflow was found in International components for unicode (ICU). While running the genrb binary, the 'subtag'… |
| CVE-2025-5198 | 2025-05-27 | MEDIUM | 5.0 | A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included… |
| CVE-2025-46173 | 2025-05-27 | MEDIUM | 6.1 | code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) via the name field in the feedback… |
| CVE-2025-45529 | 2025-05-27 | HIGH | 7.1 | An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending… |
| CVE-2025-5252 | 2025-05-27 | HIGH | 7.3 | A vulnerability was found in PHPGurukul News Portal Project 4.1. It has been declared as critical. This vulnerability affects unknown… |
| CVE-2025-5251 | 2025-05-27 | HIGH | 7.3 | A vulnerability was found in PHPGurukul News Portal Project 4.1. It has been classified as critical. This affects an unknown… |
| CVE-2025-5250 | 2025-05-27 | HIGH | 7.3 | A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this issue is some… |
| CVE-2025-5249 | 2025-05-27 | HIGH | 7.3 | A vulnerability has been found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this vulnerability is… |
| CVE-2025-48057 | 2025-05-27 | N/A | 0.0 | Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance… |
| CVE-2025-5248 | 2025-05-27 | HIGH | 7.3 | A vulnerability, which was classified as critical, was found in PHPGurukul Company Visitor Management System 1.0. Affected is an unknown… |
| CVE-2025-48370 | 2025-05-27 | N/A | 0.0 | auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.69.1, the library functions getUserById, deleteUser, updateUserById, listFactors… |
| CVE-2025-27701 | 2025-05-27 | MEDIUM | 5.5 | In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling… |
| CVE-2025-27700 | 2025-05-27 | HIGH | 8.4 | There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation… |
| CVE-2025-5247 | 2025-05-27 | HIGH | 7.3 | A vulnerability, which was classified as critical, has been found in Gowabby HFish 0.1. This issue affects the function LoadUrl… |
| CVE-2025-5245 | 2025-05-27 | MEDIUM | 5.3 | A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of… |
| CVE-2025-48383 | 2025-05-27 | HIGH | 8.2 | Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget… |
| CVE-2025-3704 | 2025-05-27 | MEDIUM | 5.9 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DBAR Productions Volunteer Sign Up Sheets allows Stored… |
| CVE-2025-2236 | 2025-05-27 | N/A | 0.0 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability… |
| CVE-2025-48798 | 2025-05-27 | HIGH | 7.3 | A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files… |
| CVE-2025-48797 | 2025-05-27 | HIGH | 7.3 | A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image… |
| CVE-2025-48796 | 2025-05-27 | HIGH | 7.3 | A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based overflow. If a user opens .ANI… |
| CVE-2025-5265 | 2025-05-27 | MEDIUM | 4.8 | Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user… |
| CVE-2025-5263 | 2025-05-27 | MEDIUM | 4.3 | Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability… |
| CVE-2025-5244 | 2025-05-27 | MEDIUM | 5.3 | A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue… |
| CVE-2025-5117 | 2025-05-27 | HIGH | 8.8 | The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of… |
| CVE-2025-4412 | 2025-05-27 | N/A | 0.0 | On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible… |
| CVE-2025-41653 | 2025-05-27 | HIGH | 7.5 | An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted… |
| CVE-2025-41652 | 2025-05-27 | CRITICAL | 9.8 | The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could… |
| CVE-2025-41651 | 2025-05-27 | CRITICAL | 9.8 | Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially… |
| CVE-2025-41650 | 2025-05-27 | HIGH | 7.5 | An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations… |
| CVE-2025-41649 | 2025-05-27 | HIGH | 7.5 | An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading… |
| CVE-2025-2407 | 2025-05-27 | N/A | 0.0 | Missing Authentication & Authorization in Web-API in Mobatime AMX MTAPI v6 on IIS allows adversaries to unrestricted access via the… |
| CVE-2025-23393 | 2025-05-27 | MEDIUM | 5.2 | An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary… |